1 BY ORDER OF THE SECRETARY OF THE AIR FORCE AIR FORCE INSTRUCTION NOVEMBER 2011 Incorporating Change 1, 18 December 2014 Communications and Information MANAGEMENT OF CYBERSPACE SUPPORT ACTIVITIES COMPLIANCE WITH THIS PUBLICATION IS MANDATORY ACCESSIBILITY: Publications and forms are available on the e-publishing website at for downloading or ordering. RELEASABILITY: There are no releasability restrictions on this publication. OPR: SAF/A6ONI Supersedes: AFI33-150, 26 November 2008 and AFI33-104, 10 May 2001 Certified by: SAF/A6ON (Col Daniel Elmore) Pages: 29 This Air Force Instruction (AFI) implements Air Force Policy Directive AFPD 33-1, Cyberspace Support. It establishes the management of cyberspace resources to include systems, equipment, personnel, time, and money and provides the directive guidance for Air Force cyberspace support activities. This publication applies to all military and civilian Air Force personnel, members of the Air Force Reserve Command (AFRC), Air National Guard (ANG), third-party governmental employee and contractor support personnel in accordance with appropriate provisions contained in memoranda support agreements and Air Force contracts. In this document, the term "cyberspace support activity" is defined as any action taken to restore communications systems/equipment to operational status, to perform preventive maintenance inspections (PMI) on communications systems/equipment and/or components, or to install or remove communications systems/equipment. The term cyberspace infrastructure refers to equipment and network infrastructure to provide the internet, network operations and command and control, and embedded processors and controllers. The term "Communications systems/equipment" is defined as: transmission, switching, processing, systems-control, and network management systems, as well as equipment, software, and facilities, fixed and deployable, that supports a mission area. The intent of this instruction is to ensure only qualified personnel perform cyberspace support activities and prevent damage to communications hardware, software, stored information, and current mission operations. One or more paragraphs of this AFMAN may not apply to non-af-managed joint service systems. These paragraphs are marked as follows: (NOT APPLICABLE TO NON-AF-MANAGED JOINT SERVICE SYSTEMS). The authorities to waive wing/unit level requirements in this publication are identified with a
2 2 AFI NOVEMBER 2011 Tier ( T-0, T-1, T-2, T-3 ) number following the compliance statement. See AFI , Publications and Forms Management, Table 1.1 for a description of the authorities associated with the Tier numbers. Submit requests for waivers through the chain of command to the appropriate Tier waiver approval authority, or alternately, to the Publication OPR for non-tiered compliance items. Send recommended changes or comments using AF Form 847, Recommendation for Change of Publication, to Cyberspace Strategy and Policy Division (SAF/A6SS), 1030 Air Force Pentagon, Washington DC When collecting and maintaining information protect it by the Privacy Act of 1974 authorized by 10 U.S.C Ensure that all records created as a result of processes prescribed in this publication are maintained in accordance with Air Force Manual (AFMAN) , Management of Records and disposed of in accordance with Air Force Records Disposition Schedule (RDS) located in the Air Force Records Information Management System (AFRIMS). See Attachment 1 for a glossary of references and supporting information. SUMMARY OF CHANGES This interim change (1) incorporates responsibilities of Installation Communication Squadron (CS) Commanders and Tenant Unit Commanders previously documented in AFI , Commanders Guidance and Responsibilities (rescinded); (2) adds AF Data Center Consolidation responsibilities and guidance previously identified via AF Guidance Memorandum; (3) updates office symbol and responsibilities for 38th Cyberspace Engineering Installation Group (38 CEIG); (4) adds requires for AFTO Form 747, Cyberspace Infrastructure Systems Acceptance, and AFTO Form 229, Engineering Installation Assistance; (5) adds Tier waiver approval authorities according to AFI ; (6) removes ATCALS references based on transfer to AF/A3. A margin bar ( ) indicates newly revised material. 1. Purpose Roles and Responsibilities Data Servers And Data Centers Approval Process Attachment 1 GLOSSARY OF REFERENCES AND SUPPORTING INFORMATION Purpose. This instruction implements new communications systems/equipment activity guidelines and changes or eliminates the requirement to complete redundant procedures and practices. Guidance in this publication is intended to assist Air Force personnel in identifying activities required to support Air Force communications. This instruction is an initiative to reduce the number of SAF/CIO A6 departmental- level publications by changing their publications from "stove-piped" system/program-based to audience/role-based focus. Specific procedural information is located in the more detailed Methods and Procedures Technical Orders (MPTO) or specialized publications. Common core communication services for standard user information (e.g., , phone, messaging, etc.) are located in AFMAN , Users Responsibilities and Guidance for Information Systems. Guidance for acquisition and sustainment planning is located in AFI , Integrated Life Cycle Management.
3 AFI NOVEMBER Objectives. The primary objectives of cyberspace support activities are to ensure continuous security, operational availability, and reliability of systems and equipment supporting the Air Force mission. This instruction outlines unit roles and responsibilities to ensure communications systems/equipment are serviceable and properly configured to meet mission requirements Intent. This instruction mandates the use of MPTO 00-33A-1001, General Cyberspace Support Activities Management Procedures and Practice Requirements, which establishes implementation guidance and procedures; MPTO 00-33D-3003, Managing the Cyberspace Infrastructure with the Cyberspace Infrastructure Planning System, which explains how to use the Cyberspace Infrastructure Planning System (CIPS) to document, fund, distribute, implement, and manage the cyberspace infrastructure; and MPTO 33D-2002, Engineering, Implementation, and Cyberspace Readiness Activities Management, which defines the processes and procedures for the management of Engineering Installation (EI) and Cyberspace Readiness activities to include providing Major Commands (MAJCOMs) and bases with the necessary information to process EI requirements for funding via the Air Force (AF) EI Work Plan in CIPS. These elements support the objectives in paragraph 1.1. Note: This AFI and supporting MPTOs cannot alter or supersede the existing authorities and policies of the Director of National Intelligence (DNI) regarding the protection of Sensitive Compartmented Information (SCI) systems or intelligence, surveillance, reconnaissance mission and mission support systems. This AFI and supporting MPTOs cannot alter or supersede higher authoritative guidance governing Special Access Program (SAP) systems, counterintelligence or law enforcement collection operations, or investigations involving communication systems. When DNI or SAP authorities fail to address areas covered by this AFI, this AFI and associated MPTOs need be followed. If there is conflict between this AFI and associated MPTOs with guidance issued by DNI or SAP authorities, DNI or SAP guidance will precedence. TOs are available for ordering through the Enhanced Technical Information System (ETIMS) application on the AF Portal, per TO , Air Force Technical Order System. Contact unit Technical Order Distribution Office (TODO) for assistance. 2. Roles and Responsibilities. Note: For this instruction, the term major command (MAJCOM) also applies to Numbered Air Forces (NAF), Field Operating Agencies (FOA) and Direct Reporting Units (DRU) Chief Information Dominance and Chief Information Officer(SAF/CIO A6). Develops and publishes cyberspace support activities, strategy, policy, tactical doctrine, and programs to integrate warfighting and combat support capabilities, and oversees implementation of enterprise information, information resources, and data management capabilities for Joint, Coalition and Air Force warfighters. Coordinates with military services, MAJCOMs and any additional government agencies as applicable. In addition, SAF/CIO A6 will: Manage cyberspace operations career fields Act as the approval authority for waiver requests to deviate from the requirements of this publication DELETED.
4 4 AFI NOVEMBER Appoint executive agent for IT emerging technologies Establish overall guidance, act as approval authority for plans, and resolve proposed consolidation actions for Centralized Repair Activities (CRA) Act as the approval authority for: Proposed temporary T-1 AFNET system/equipment modifications according to AFI , Modification Management Will oversee management and disposition of all AF data centers as described in paragraph 3, to include the data center components of weapons systems Ensure all requirements support the Federal Data Center Consolidation Initiative (FDCCI) IAW paragraph Coordinate with AFSPC and other Lead MAJCOMs to determine if existing capabilities across the AF or DoD will satisfy the requirement. Requests satisfied by existing capabilities will be disapproved and returned to the requestor along with appropriate rationale and recommended alternatives IAW paragraph Air Force Space Command (AFSPC). As Lead Command for all Air Force Cyberspace Operations via the 24AF(AFCYBER), AFSPC will be the Air Force focal point for establishment, operation, maintenance, defense, exploitation, and attack Cyberspace Operations. AFSPC coordinates the prioritization of all Cyberspace Infrastructure requirements. In addition, AFSPC will: Control the membership of the Engineering and Installation Governance Structure (EIGS) Coordinate the establishment of and the schedule for the EIGS composed of representatives from all MAJCOMs for the review, prioritization, and funding of EI projects Air Force-wide Ensure program information is documented in the CIPS Manage and distribute the consolidated funding for EI projects Manage and distribute the consolidated Military Personnel Appropriation (MPA) man-days for ANG implementation of projects In coordination with 38th Cyberspace Engineering Installation Group (38 CEIG), monitor the execution of cyberspace projects approved for implementation In coordination with the A6 community, develop, manage, and defend EI Program Objective Memorandum (POM) inputs with the information that resides in CIPS Support FDCCI goals and objectives when managing and distributing the consolidated funding for Engineering Installation (EI) projects Air Force Network Integration Center. As a Direct Reporting Unit to AFSPC, AFNIC is designated as the United States Air Force (USAF) lead agency to develop policy and guidance for cyberspace support activities and related areas to shape, provision, integrate and sustain the AF Cyber Network in all four domains: terrestrial, air, space and cyberspace. In addition, AFNIC will:
5 AFI NOVEMBER AFNIC Enterprise Systems Policy, Procedures and Support Division (ESP) will: Manage assigned cyberspace support activities policy, procedures, and MPTO 00-33A Manage all waiver requests relating to cyberspace support activities Manage the Air Force Communications Quality Control Checklist (AFCQCC) program Represent the communications personnel/community as members of workgroups, integrated process/product teams as required Serve as focal point for Air Force guidance and directives regarding communication systems/equipment modifications except when MAJCOM is designated as the Air Force Lead or lead command per paragraph Under direction from SAF/A6SF, develop compliance inspection criteria for the Air Force Inspector General (TIGs) Act as focal point for Standard Reporting Designator assignment for non-air Force Material Command (AFMC) centrally managed commercial items and/or Government-Off-The-Shelf (GOTS) equipment Manage Depot Purchased Equipment Maintenance, Low Density Level (LDL) assets, non-airborne Readiness Spares Packages (RSP), and provide material management assistance to units Provide enterprise level equipment analysis capability metrics, such as reliability, availability, and maintainability, utilizing approved automated information system (AIS) Perform unit-funded staff assistance visit (SAVs) upon request and availability of manpower Manage Information Technology (IT) hardware asset accountability according to AFMAN , Information Technology (IT) Asset Management (ITAM) AFNIC Enterprise Systems Cyber Force Strategies (ESF) will: Manage training resources in support of formal courses, upgrade training, certification training and newly integrated technology training Support cyberspace operations career fields and systems providing/managing computer based training, instructor led training, and virtual instructor led training AFNIC Enterprise Systems Maintenance Management (ESM) will: Perform system management duties and responsibilities as specified in current Memoranda of Understanding (MOU), Memoranda of Agreement (MOA), and Service Level Agreements (SLA) Review MAJCOM recommended changes to Air Force-managed programs, systems/equipment.
6 6 AFI NOVEMBER Assess, evaluate, and ensure compliance with governing directives for communications systems/equipment, as directed or requested AFNIC Integration Engineering (EN) will: Direct engineering standards and solutions to configuration manage, control, integrate, and optimize Air Force network (AFNet) Cyberspace operations and the core services it provides Provide engineering analysis and assessment to characterize and resolve AFNet performance, integration, and interoperability issues to meet customer quality of service delivery expectations Major Commands (MAJCOMs). MAJCOMs implement Air Force guidance concerning their communications systems/equipment. MAJCOMs will: Manage and provide support for command-unique programs and systems/equipment Coordinate MAJCOM policy, procedures, and Technical Order (T.O.) supplements for implementation consideration affecting cyberspace support activities, subject to the following conditions: Supplements must not be less restrictive than higher level publications or the basic publications being supplemented, and must not contradict or conflict with Air Force-wide policy, procedure, or publications according to AFI , Publications and Forms Management Supplements must contain only MAJCOM unique material Recommended MAJCOM supplements to Air Force publications, forms, and checklists. Also, proposed changes to Air Force-wide communications systems/programs/equipment must be coordinated with the appropriate OPR or lead command DELETED Ensure logistics support and life-cycle management plans are developed for MAJCOM-acquired/ procured commercial-off-the-shelf (COTS) communications systems and equipment When designated as Air Force Lead (early development) or as lead command, serve as focal point to develop/implement Air Force guidance and directives concerning communications systems/ equipment Review and forward all waiver requests relating to communications systems/equipment activities to AFNIC/ES via AFSC 3DXXX Functional Managers Act as approval authority for MAJCOM-developed Local Communications Quality Control Checklist (LCQCCs) for command-unique programs, systems and equipment, IAW T.O A Provide quality assurance (QA) guidance, if required.
7 AFI NOVEMBER Manage and act as approval authority for support/maintenance assistance requests. Assistance requests may be accomplished if unit-funded and manpower is available Establish focal point for CRA management, if applicable Prioritize their own work plan(s) and provide representatives to the EIGS for the review, prioritization, and funding of projects Air Force-wide. Reference paragraph 2.5 for EIGS structure and TO 33D-2002 for AF EI work plan process Designate appropriate system functional managers MAJCOMs owning, managing, or operating data centers as defined by OMB (servers in any form, except for those expressly exempted by this AFI) will ensure these facilities are documented in Data Center Inventory Management System (DCIMS) and all obligations to acquire IT are approved IAW the process in paragraph Coordinate any Defense Information Systems Network (DISN) Long-Haul Communications changes required to support data center and data server requests according to AFMAN , Long-Haul Communications Management Engineering and Installation Governance Structure (EIGS). EIGS organizations include the EIGS Council (composed of MAJCOM two-letter representatives), the EIGS Board (MAJCOM three-letter level), and the EIGS Group (MAJCOM four-letter level) which prioritize and approve EI requirements Air Force-wide. In addition, the EIGS will: Provide senior leader guidance to Cyberspace program planners to help determine project priorities Develop minimum submission criteria, provide guidance, and set the schedule for cyberspace infrastructure work plans Establish the funding "cut line" for the EI PEC (Program Element Code) 27436F based on the amount disbursed Review the priorities, adjust them if needed, and approve a single consolidated Air Force-wide centralized EI work plan, considering both contractual implementation and organic implementation In coordination with 38th Cyberspace Engineering Installation Group (38 CEIG), monitor execution of approved EI requirements th Cyberspace Engineering Installation Group (38 CEIG). The 38 CEIG and its squadrons plans, engineers, and delivers a survivable and resilient infrastructure to establish the cyberspace domain and assist the Air Force mission to conduct offensive and defensive air, space, and cyberspace operations. They provide engineering, planning, implementation, management, and consultation support to enable establishment of forward operating bases, combatant command, Air Force, and Joint service net-centric environment. Reference MPTO 00-33D-2002 for all 38 CEIG services and processes. In addition, the 38 CEIG will: Provide Air Force-wide cyberspace infrastructure and health assessments to identify shortfalls and vulnerabilities Provide specialized engineering, operational engineering, and emergency maintenance/restoral.
8 8 AFI NOVEMBER Develop and maintain the Technology Infrastructure component of the AFNet Enterprise Architecture, describing and identifying the physical layer including, the functional characteristics, capabilities, and interconnections of the hardware, software, and communications Provide Combatant Commanders a Designated Operational Capability (DOC)- tasked 72-hour rapid-response EI force that is deployable worldwide Provide a specialized contracting activity that executes responsive acquisition strategies and compliant sourcing solutions in support of the AF Cyberspace Mission, and the Air Force Work Plan Provision, budget, and manage inter-base Long Haul Communications (reference AFMAN ), DISN Subscription Services (DSS), Mobile Satellite Services (MSS) and Teleport Management, GSA FTS2001/Networx Requirements Manager, common user network connectivity oversight, last half-mile connectivity task orders, and AF s MAJCOM Circuit Management Office (CMO) (reference AFI , Mobile Satellite Services Management) Provide enterprise system management support to base communications squadrons/flights, MAJCOMs, Lead Commands, and Air Staff, to include field technical expertise on systems and policy interpretation Provide Cyberspace Information Technology acquisition support, project and program implementation services, and requirements review, preparation, and processing to the AF, Numbered Air Force (NAF)/Air Force Forces (AFFOR), DoD, and other government agencies IAW AFPD 16-5, Planning, Programming, Budgeting, and Execution Process DELETED DELETED As the CIPS Program Management Office (PMO), chairs the CIPS Oversight Group DELETED DELETED DELETED DELETED DELETED DELETED DELETED DELETED Program Managers Program managers will document their program information in CIPS according to MPTO 00-33D-3003 and AFI (T-1). However, information regarding data center infrastructure must be documented in DCIMS according to paragraph 3. (T-0)
9 AFI NOVEMBER Address data center consolidation, according to paragraph 3, in acquisition planning and plan for end state disposition prior to the next major increment or modification. (T-0) All Program Offices owning, managing, or operating data centers as defined by OMB (servers in any form, except for those expressly exempted by this AFI) will ensure these facilities are documented in DCIMS and all obligations to acquire IT are approved IAW the process in paragraph 3. (T-0) 2.8. Engineering and Installation (EI) Total Force Group (TFG). The TFG consists of: one (1) Active-Duty Air Force unit (85 EIS), 15 Air National Guard (ANG) Squadrons, National Guard Bureau (NGB)/A6 EI Functional Area Manager (FAM), 251 CEIG, 253, CEIG, and 38 CEIG. The TFG provides the process to implement funded cyberspace infrastructure projects with organic resources. TFG enterprise oversight is the responsibility of NGB/A6 EI FAM and 38 CEIG. In addition, the TFG will: Review EIGS prioritized projects and make recommendations for organic implementation Dispense EIGS approved projects for organic implementation Communications Unit Commanders or Equivalent Implement all applicable programs listed in MPTO 00-33A MPTO 00-33A topics include Quality Assurance Program, Control of Production, Communications Inspection, Corrosion Prevention and Control Program (CPCP), Historical Record Management, Life Cycle Management, Material Management, Publications Programs, Antenna Identification, Tool Management, Performance Metrics and Algorithms for Communications, Centralized Repair Activities (CRA), System Managers, Specialized Communications Teams (SCT), Common Communications Procedures, and Climbing Training Requirements, Equipment Control. (T-2) Establish a QA work center directly under the Communications Unit Commander or Operations Group as appropriate. (T-3) Assign an individual as the Wing/Base 3A1XX Administration Functional Manager for accession, training, classification, utilization, and career development of enlisted (3A1XX) personnel. NOTE: These personnel operate in every functional area and often do not work in the Wing/Base communications unit. Nevertheless, they are specialized extensions of the total capability for cyber support to the Air Force mission. (T-1) Process and sign the AFTO Form 747, Cyberspace Infrastructure Systems Acceptance, for all cyberspace infrastructure installation actions. (T-2) Serve as the focal point for the installation s cyberspace systems, equipment, and programs. (T-2) Ensure applications, systems, and core enterprise services are hosted only in SAF/CIO A6-approved facilities as defined by paragraph (T-0) Ensure all systems/equipment supported by cyberspace support activities is tracked in the approved AIS to include antennas. (T-2)
10 10 AFI NOVEMBER Ensure only Air Force-approved AIS such as Integrated Maintenance Data System (IMDS), Remedy, Telephone Management System (TMS), CIPS, and Training Business Area (TBA) are used for all customer service requests/work orders and training documentation unless granted a higher headquarters waiver. Note: Follow approved security classification guide or authoritative SAP and DNI guidance when applicable. (T-2) Meet the mission needs of assigned tenant units and geographically separated units (GSUs) not receiving support from another host wing, command, or Service. (T-2) Manage the infrastructure for host systems and tenant systems as defined in support agreements. (T-2) Review and assist with the development of tenant plans involving communications and information resources or activities. (T-3) Develop cyberspace infrastructure annexes and appendices, for installation specific contingency plans and support plans. (T-3) Validate the base blueprint in CIPS prior to Installation commander s endorsement (reference AFTO Form 330, Base Blueprint Endorsement Checklist). (T-3) Be the Approval Authority for CIPS accounts IAW MPTO 00-33D (T-3) Coordinate CSI visits with installation level Functional Area Managers (FAMs) and installation Civil Engineering Squadron planners. (T-3) Manage and document base cyberspace infrastructure projects in CIPS for current and out years. Reference MPTO 00-33D (T-2) Manage all Communications and Information Systems Installation Records (CSIR) for Cyber Operations and Transport Systems per MPTO 00-33A-1001 until CIPS is enhanced to provide that capability. (T-2) Manage the Cable and Antenna Systems Communications Mission Data Set (CMDS) layer in the CIPS Visualization Component (CVC) per MPTO 00-33D (T-2) Prioritize and approve projects on Work Plan submissions in CIPS as applicable Follow the process in MPTO 00-33D-2002 for including Cyberspace Infrastructure requirements in the AF EI Work Plan process. (T-2) Initiate and process the AFTO Form 229, Engineering Installation Assistance, to request services not identified or funded on the AF EI Work Plan as defined in MPTO 00-33D (T-2) DELETED Flight Commander/Flight Chief or equivalents. At a minimum, the Flight Commander and Flight Chief of cyberspace personnel will: DELETED.
11 AFI NOVEMBER Direct PMIs to be accomplished IAW appropriate or established T.O.s or in the absence of T.O.s, commercial manuals or publications Publish local workcards (LWC) and/or checklists if required Waive the accomplishment or approve deviations of scheduled inspections (e.g., PMIs) under conditions listed in MPTO 00-33A Increase frequency or scope of scheduled inspections (e.g., PMIs) or individual inspection requirements when, and if, required Coordinate with applicable agencies/units for cyberspace support activities impacting operations Authorize use of local CQCCs Manage cyberspace deployment processes for equipment, personnel and technical documents Serve as approval authority for cannibalization or controlled substitution activities Work center Supervisors. At a minimum, work center supervisors of cyberspace personnel will: Ensure compliance with directives, technical publications, and supplements Ensure customer service requests and work orders reflect current system/equipment status Understand supervisors roles and responsibilities in the QA program Secure and control government property to include tracking warranty information Coordinate scheduled support actions (e.g., Time Change Item (TCI), and Time Compliance Technical Order (TCTO), Time Compliance Network Order (TCNO), Maintenance Tasking Order (MTO), Network Tasking Order (NTO), etc.) with Communications Focal Point (CFP) Appoint project coordinator [e.g., EI, self-help, Specialized Communications Team (SCT), CIPS], and ensure required duties are accomplished Manage test, measurement, and diagnostic equipment and other test equipment Establish a comprehensive safety program to include such programs as Radio Frequency Radiation, Hazard Material, Hazard Communication, confined space, facility grounding, lock out/tag out, and climbing training Manage work center corrosion prevention and control program (CPCP) and electrostatic discharge program according to MPTO 00-33A Ensure work center logistics support management responsibilities are accomplished Maintain historical files and master inventories on communications systems/equipment in applicable AIS.
12 12 AFI NOVEMBER DELETED Communications Focal Point (CFP). In the base communications squadron/flight, the CFP is the combination of the Maintenance Operations Center (MOC), telephone helpdesk and the traditional network helpdesk functions. The CFP function has tactical control (TACON) of the client service team (CST) Work center. The CST unit commanders retain administrative control of CSTs. The CST Work center retains TACON of all CSTs assigned to the base. A separate MOC may exist at bases where cyber systems are assigned to an Operations Group in addition to equipment/systems assigned to Communications Group/Squadron. The standalone MOC will comply with applicable CFP responsibilities contained in TO 00-33A Note: CFP and Enterprise IT Service Desk (ESD) integration is contained in MPTO 00-33A The CFP will: Manage customer service requests, work orders, and equipment status reporting Manage service requests, trouble tickets, and/or service incidents according to Control of Production procedures in MPTO 00-33A Manage work orders according to procedures in TO 00-33D Note: Work Order Management System (WOMS) is an integrated tool that permits users to create, track, and process work orders within CIPS at both the base and MAJCOM levels, while keeping work orders and infrastructure requirements as separate business objects Provide a 24-hour contact number to customers/users and base Command Post Manage/review approved AIS management products for accuracy and analyzes data for negative trends Manage reports (e.g., situational reports (SITREP), communications statistics, etc.) and disseminate to appropriate personnel for action. The CFP will disseminate monthly ticket and activities information to the unit commander Document and control removal/replacement/cannibalization actions Act as focal point for depot maintenance requests Ensure master PMI schedule is entered into the AIS and includes antennas Review, direct, and monitor accomplishment of scheduled and unscheduled support actions (e.g., TCI, TCTO, TCNO, MTO, NTO, outages, etc) Serve as focal point (i.e., sub-system manager) for the Air Force-approved AISs (e.g., IMDS, Remedy, etc.) Develop procedures to sustain operations in the event of power failure, communications outage, etc Review all SLAs, MOAs, or MOUs for applicability and impact to current cyberspace support activities according to AFI , Intra-Service, Intra-Agency, and Inter-Agency Support Agreements Procedures Provide customers with reporting procedures for communications systems outages/problems.
13 AFI NOVEMBER Perform the Logistics Service Center (LSC) liaison duties of Mission Capable and Turn-Around (TRN) Monitors Act as the main interface with the AFNet ESD Forward all CIPS requirements to the appropriate authority for implementation Quality Assurance (QA). The QA program is responsible directly to the commander or deputy. The QA program applies to all cyberspace AFSCs who sustain systems. At a minimum, QA personnel will: Provide assistance, advice, and authoritative references to work center supervisors and unit leadership Establish and maintain a technical publications program (e.g., technical orders, Air Force Network Standard Operating Procedures, etc.) Manage Quality Assessments and Trend Analysis activities using Air Force approved systems Process material and T.O. deficiencies Review work center facility, systems installation, and equipment records management Perform technical reviews of modifications proposals and process valid proposals according to applicable directives Perform CPCP and electrostatic discharge (ESD) focal point duties according to MPTO 00-33A Review locally devised checklists, operating instructions, publications, and directives annually Submit changes to various publications, T.O.s and other guidance Review statements of work where cyberspace support activities are outsourced Complete Air Force Job Qualification Standard (AFJQS) 3DXXX-201G, Quality Assurance, within 180 days of assuming responsibilities unless previously completed and documented. Use this AFJQS as a guide for training Quality Assurance Representative (QAR) personnel Validate and manage LWCs Use applicable AFCQCCs during evaluations according to MPTO 00-33A Perform in-process, acceptance, deactivation, or transfer inspections on equipment/systems being overhauled, repaired, installed, removed, or newly acquired Tenant Unit Commanders (or equivalent) will: Appoint a tenant communications responsible officer to serve as their single focal point and accountable officer for the cyberspace support systems of their respective activities. (T-2)
14 14 AFI NOVEMBER Define specific tenant and installation communications squadron commander (or equivalent) responsibilities in the support agreement or similar document. Upon appointment, unit commanders (or equivalent) notify the installation communications squadron commander (or equivalent). (T-2) Coordinate with the installation communications squadron commander (or equivalent) to ensure their systems will integrate and interoperate, when necessary, with the DODIN, AFIN, AFNET or host base systems. (T-2) Identify to the host installation, MAJCOM, and lead MAJCOM for Cyberspace Operations, the special engineering, installation, operation and/or maintenance requirements for NSS, SAP or SCI or other federal agency systems that are used by the tenant. (T-2) All Organizations. All organizations owning, managing, or operating servers in any form (data centers as defined by OMB), except for those expressly exempted by paragraph or paragraph will work with the SAF/CIO A6 DCC Team (see paragraph 3.4) to ensure these facilities are documented in DCIMS and all obligations are approved IAW the process in paragraph 3. (T-0) 3. Data Servers And Data Centers Approval Process AF Data Center Infrastructure Management. Under the FDCCI, OMB defines a data center as a closet, room, floor or building for the storage, management, and dissemination of data and information. This definition has been further defined by the DOD CIO to include single and multiple server instantiations regardless of adherence to Uptime Institute or TIA-942 standards. While it is generally recognized that weapon systems may not be data centers, most weapon systems have an IT component that may constitute a data center or reside in a data center. Thus, a weapon system designation, in and of itself, does not justify an exemption from FDCCI, related data center legislation, DOD guidance, or the guidance contained in this AFI. The SAF/CIO A6 will oversee management and disposition of all AF data centers under the purview of aforementioned guidance, to include the data center components of weapons systems AF Data Center Consolidation. The DOD CIO, working under the purview of FDCCI guidance, requires all data centers (exceptions are noted below) to be documented in DCIMS. Records will be created and maintained by data center owners IAW guidance and training provided by the AF Data Center Consolidation team within SAF/CIO A6. Data center end states (discussed below) submitted by data center owners will be adjudicated and approved by SAF/CIO A DCIMS Exemptions. The following items are exempt from FDCCI and do not require entry into DCIMS: IT components constituting a data center that are onboard airborne platforms IT components constituting a tactical data center such as those contained in shelters IT components constituting a data center where the metadata (location, configuration, owner, etc.) is classified. Those systems are inventoried separately by the Director of National Intelligence.
15 AFI NOVEMBER Data Center End States. The following data center end states are defined by the DOD CIO and approved for use in DCIMS: Core Data Center (CDC) These locations are selected by the DOD CIO and operated by DISA Installation Processing Node (IPN) Data centers required to host applications required for base operations where access does not transit the base boundary. IPNs will not allow connections from one base to another and there shall be no more than one (1) IPN per base or installation Special Purpose Processing Node (SPPN) Servers connected to special purpose IT or non-it equipment that cannot be moved due to technical requirements (such as flight simulators) or servers hosting applications critical to Air Force, DOD, or combatant command missions Closed Data centers not identified as one of the three categories above must be projected to close no later than Applications hosted within these data centers must be migrated to a data center approved by SAF/CIO A6 as noted below Application Designations. Applications and/or systems that do not require base boundary transit for use are designated local and may reside in an IPN approved by SAF/CIO A6. All other applications and/or systems are designated enterprise and must be hosted in an enterprise data center approved by SAF/CIO A6 NLT 4th quarter of Fiscal Year 2018 (QTR4FY18). Exceptions may be granted by SAF/CIO A6 for those instances where migration to an enterprise location would introduce risk to mission or an approved business case analysis shows migration to be cost prohibited. Application owners must coordinate with appropriate organizations as directed in Air Force Guidance Memorandum 33-04, Common Computing Environment DISA Core Data Center/MilCloud (any app, system, or service) Commercial Cloud (any app, system, or service) with a DoD Provisional Authorization for the corresponding data level IPNs approved by SAF/CIO A6 (base local apps only) SPPNs approved by SAF/CIO A6 (SPPN specific apps only) Obligation of Funds Related to Data Centers (10 USC 2223a, Data Servers and Centers). Obligations, regardless of appropriation, other required approvals, or other granted authorities to acquire servers and/or equipment related to data centers (items specified below) as defined above must be approved by SAF/CIO A6 prior to execution. Exemptions are outlined below; however, data centers exempted under 10 USC 2223a, Data Servers and Centers must still be documented within the DCIMS, including IT components of weapons systems Exemptions to 10 USC 2223a, Data Servers and Centers: Items acquired using National Intelligence Program (NIP) funds. This does not include Military Intelligence Program fund Items acquired using High Performance Computing Modernization Program (HPCMP) funds.
16 16 AFI NOVEMBER Items within data centers exempted from FDDCI as described in paragraph Items Covered Under 10 USC 2223a, Data Servers and Centers. This guidance applies to obligations of any and all funds to: construct or modify existing data center buildings, facilities, or rooms; or acquire items in the categories listed below regardless of appropriation, requirement, and/or originator Servers of any type Server software of any type Virtual Suites Storage to include Storage Area Networks (SAN), Network Attached Storage (NAS), and Direct Attached Storage (DAS) Racks Uninterruptable Power Supply (UPS) Generators Routers, switches, etc. (unless deployed in a facility separate from a data center or servers such as a wiring closet) Cooling systems and environmental monitoring capabilities Backup capabilities, regardless of medium End user devices (e.g., desktops, laptops, tablets, mobile devices), and associated software and services used within a data center Service, support, and maintenance contracts (e.g., warranty support, preventive, routine, and emergency maintenance) for existing data center capabilities Data Servers and Centers Submission Preparation. Requests for obligation authority under 10 USC 2223a, Data Servers and Centers, must support a data center having an approved record in the DCIMS with a valid DOD identification number. All data centers must also have a corresponding and populated record in the Enterprise Information Technology Data Repository (EITDR). All requests for obligation authority and queries, to include requests for templates or support, must be submitted to the SAF/CIO A6 DCC team via the MAJCOM or FOA A6 to the AF Data Center Consolidation organizational mailbox: 3.5. Data Servers and Centers Submission Process. Organizations must submit a spend plan for each data center maintained in DCIMS NLT 31 July of each year. Data centers in DCIMS without an approved spend plan on file with SAF/CIO A6 will be considered noncompliant. Spend plans must detail individual acquisitions for items listed in paragraph planned for the upcoming year and provide the information listed below in paragraphs Organizations requiring acquisition of items not detailed on approved spend plans must submit an out of cycle request for approval to include the items listed below in paragraphs Spend plans will be approved annually by SAF/CIO A6 to satisfy requirements under the purview of 10 USC 2223a:
17 AFI NOVEMBER Obligation Detail Matrix (format provided by SAF/CIO A6 DCC team) Brief description for each acquisition A description of how each acquisition supports consolidation of infrastructure (FDCCI) and the JIE Individual purchase request or spreadsheet that shows item, quantity, and unit cost for each acquisition An approval memo signed by the wing commander, MAJCOM A6, PMO, or PEO and the approver/signer must be O6/GS-15 or higher. Approval memos must also certify that no capability exists within the base, MAJCOM, or program to satisfy the approved requirement All spend plans against a data center with an end state of Closed must be accompanied by an approved POAM, which clearly depicts closure before end of FY18. Moreover, the acquisitions for these data centers must clearly depict actions to realize closure A description of efficiencies realized including current and project savings in dollars or personnel, reduction in required floors space, or reduction in energy usage Approval Process and Timeline. The SAF/CIO A6 goal for completing review and granting approval or disapproval is 10 working days; however, this can be affected due to unforeseen circumstances. The 10 day clock starts when all required inputs have been received and validated from the requestor. An approval code assigned by SAF/CIOA6 is required prior to execution of contracts or obligation of any and all funds for each item relating to those described in paragraph Approval codes and associated items will be listed on the Obligation Detail Matrix attached to the SAF/CIO A6 approved spend plan and sent to the requestor Out of cycle approval codes may be obtained by sending an electronic message to the AF DCC Team at Requests received prior to 1600 EST will generally be approved the same day with approval codes returned to the requestor. Requestors must present the validation provided by SAF/CIO A6 personnel via the USAF Pentagon SAF-CIO A6 Mailbox A3C-A6C AFDCC Workflow electronic mailbox along with the out of cycle approval code for funds to be obligated by a contracting officer. A SAF/CIO A6 approval memorandum and attached Obligation Detail Matrix must be provided for all obligations relating to items in paragraph 3.3.2, regardless of approval code disposition.
18 18 AFI NOVEMBER Requestor Reporting Requirements. All changes to data center configurations (e.g. shutting down a data center) must be reported within 30 days of the event occurring. Actual obligation amounts must be reported within 30 days of the event occurring for each item on the Obligation Detail Matrix attached to approved spend plans. Failure to comply with these instructions or instructions issued in approval memoranda results in noncompliance for the data center. WILLIAM T. LORD, Lt Gen, USAF Chief of Warfighting Integration and Chief Information Officer
19 AFI NOVEMBER References Attachment 1 GLOSSARY OF REFERENCES AND SUPPORTING INFORMATION AFI , Intra-Service, Intra-Agency, and Inter-Agency Support Agreements Procedures, 18 October 2013 AFI , Supports Agreements Procedures, 1 May 2005 AFI , Mobile Satellite Services Management, 10 February 2005 AFI , Publications and Forms Management, 18 May 2006 AFI , Publications and Forms Management, 25 September 2013 AFI , Radio Management, 8 April 2013 AFI , Military Personnel Appropriation (MPA) Man-Day Program, 22 July 1994 AFI , Air Force Organization, 16 March 2011AFI , Acquisition and Sustainment Life Cycle Management, 17 April 2009 AFI , Integrated Life Cycle Management, 7 March U.S.C. 2223a, Data Servers and Centers AFMAN , USAF Supply Manual, 1 April 2009 AFMAN , Long-Haul Communications Management, 16 May 2013 AFMAN , User Responsibilities and Guidance for Information Systems, 1 June 2012 AFMAN , Information Technology (IT) Asset Management (ITAM), 19 March 2014 AFMAN , Management of Records, 1 March 2008 AFI , Modification Management, 19 March 2013 AFPD 16-5, Planning, Programming, Budgeting, and Execution Process, 27 September 2010 AFPD 33-1, Cyberspace Support, 9 August 2012 AFPD 33-1, Information Resources Management, 27 June 2006 AFPD 33-3, Information Management, 28 March 2006 AFPD 33-3, Information Management, 8 September 2011 DoD CIO Memo, Approvals/Waivers for Obligation of Funds for Data Servers and Centers, 26 Jun 2012 DoD CIO Memo, Approvals/Waivers for Obligation of Funds for Data Servers and Centers, 9 May 2013 DoD CIO Memo, Exemption for Obligation of funds for data servers and data centers related to the High Performance Computing Modernization Program, 25 January 2013 MPTO 00-33A-1001 General Communications Activities Management Procedures and Practice Requirements, 31 March 2010
20 20 AFI NOVEMBER 2011 MPTO 00-33A-1001 General Cyberspace Support Activities Management Procedures and Practice Requirements, 1 May 2014 MPTO 33D-2002-WA, Cyberspace Engineering, Implementation, and Readiness Activities Management, 30 May 2014 MPTO 00-33D-3003, Managing the Cyberspace Infrastructure with the Cyberspace Infrastructure Planning System, 30 December 2010 MPTO 00-33D-3004-WA, Managing Cable and Antenna with the Cyberspace Infrastructure Planning System (CIPS) Visual Component (CVC), 16 July 2012 National Defense Authorization Act (NDAA) Fiscal Year 2012, 2867, Data Servers and Centers, 31 Dec 2011 Public Law T.O , Use and Care of Hand Tools and Measuring Tools, 1 December 2004 Prescribed Forms No forms are prescribed by this publication Adopted Forms AFTO Form 229, Engineering Installation Assistance AFTO Form 747, Cyberspace Infrastructure Systems Acceptance AFTO Form 330, Base Blueprint Endorsement Checklist AF Form 673, Air Force Publication/Form Action Request AF Form 847, Recommendation for Change of Publication See MPTO 00-33A-1001, for other adopted forms. Abbreviations and Acronyms AF Air Force (as used in forms) AFC2IC Air Force Command and Control Integration Center AFCQCC Air Force Communications Quality Control Check sheet AFEMS-AIM Air Force Equipment Management System-Asset Inventory Management AFFOR Air Force Forces AFI Air Force Instruction AFIN Air Force Information Networks AFJQS Air Force Job Qualification Standard AFMAN Air Force Manual AFMC Air Force Material Command AFNIC Air Force Network Integration Center AFPD Air Force Policy Directive
Department of Defense INSTRUCTION NUMBER 8520.02 May 24, 2011 ASD(NII)/DoD CIO SUBJECT: Public Key Infrastructure (PKI) and Public Key (PK) Enabling References: See Enclosure 1 1. PURPOSE. This Instruction:
GUIDANCE ON EXHIBITS 53 AND 300 INFORMATION TECHNOLOGY AND E-GOVERNMENT Table of Contents 1. Why must I report on information technology (IT) investments? 2. What background information must I know? 3.
Checklist to Assess Security in IT Contracts Federal Agencies that outsource or contract IT services or solutions must determine if security is adequate in existing and new contracts. Executive Summary
DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1 12 January 2015 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense
Army Regulation 190 13 Military Police The Army Physical Security Program Distribution Restriction Statement. This publication contains technical or operational information that is for official Government
September 2005 PUBLIC DRAFT Acknowledgements The Office of Management and Budget and the Federal Identity Credentialing Committee would like to acknowledge the significant contributions of the National
Defense Business Systems Investment Management Process Guidance June 2012 Executive Summary Section 901 of the Fiscal Year 2012 National Defense Authorization Act (FY2012 NDAA), now codified at Title 10
United States Government Accountability Office Report to the Subcommittee on the Legislative Branch, Committee on Appropriations, U. S. Senate March 2015 INFORMATION TECHNOLOGY Copyright Office Needs to
BY ORDER OF THE SECRETARY OF THE AIR FORCE AIR FORCE INSTRUCTION 44-121 8 JULY 2014 Medical ALCOHOL AND DRUG ABUSE PREVENTION AND TREATMENT (ADAPT) PROGRAM COMPLIANCE WITH THIS PUBLICATION IS MANDATORY
POSITION CLASSIFICATION STANDARD FOR SECURITY ADMINISTRATION SERIES, GS-0080 Table of Contents SERIES DEFINITION... 2 EXCLUSIONS... 2 OCCUPATIONAL INFORMATION... 3 Nature of Security Work... 6 Personnel
Federal Communications Commission Information Technology Strategic Plan Implementing technology today to meet FCC business needs tomorrow Office of the Managing Director Information Technology Center July
Headquarters, U.S. MCO 5530.14A Marine Corps PCN 10208597900 MARINE CORPS PHYSICAL SECURITY PROGRAM MANUAL DISTRIBUTION STATEMENT A: Approved for public release; distribution is unlimited PS JUN 05 2009
Justice Management Division Privacy Impact Assessment for the Personal Identity Verification (PIV) Card System Issued by: Stuart Frisch, Senior Component Official for Privacy Reviewed by: Vance E. Hitch,
Executive Summary FLORIDA DEPARTMENT OF EDUCATION On September 23, 2013, following the Governor's Education Summit, Governor Rick Scott released an Executive Order announcing a plan for policy improvements
JANUARY 2013 REPORT OF THE DEFENSE SCIENCE BOARD TASK FORCE ON Cyber Security and Reliability in a Digital Cloud JANUARY 2013 Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
Army Regulation 190 11 Military Police Physical Security of Arms, Ammunition, and Explosives Distribution Restriction Statement. This publication contains technical or operational information that is for
Department of Defense INSTRUCTION NUMBER 1322.25 March 15, 2011 Incorporating Change 3, Effective July 7, 2014 USD(P&R) SUBJECT: Voluntary Education Programs References: See Enclosure 1 1. PURPOSE. This
Department of Defense DIRECTIVE NUMBER 5100.01 December 21, 2010 DA&M SUBJECT: Functions of the Department of Defense and Its Major Components References: See Enclosure 1 1. PURPOSE. This Directive: a.
Job Family Standard for Administrative Work in the Information Technology Group, 2200 TABLE OF CONTENTS INTRODUCTION... 2 COVERAGE... 2 MODIFICATIONS TO AND CANCELLATIONS OF OTHER EXISTING OCCUPATIONAL
Request for Proposal: ediscovery Tool Attorney General s Office STATE OF WASHINGTON Request for Proposal (RFP) TITLE: ediscovery Tool RFP Number AGO.PSC.011 Proposal Due Date & Time February 8, 2013 at
DoD 5200.08-R PHYSICAL SECURITY PROGRAM April 9, 2007 Incorporating Change 1, May 27, 2009 UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE (USD(I)) FOREWORD This Regulation is issued under the authority of
Delgado Community College Information Technology Security Policy Approved: *November 5, 2010 ) Delgado Community College IT Security Policy Page 2 *November 5, 2010 Table of Contents Title Page 1.0 Introduction
2014 Australian Government Information Security Manual CONTROLS 2014 Australian Government Information Security Manual CONTROLS Commonwealth of Australia 2014 All material presented in this publication